cancel
Showing results for 
Search instead for 
Did you mean: 

What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

Hi

I have 2000 laptops on my network.

They are all running the following components:

McAfee agent 5.5.0.447

DXL client 4.0.0.450

Endpoint security platform 10.5.3.3178

Endpoint security threat prevention 10.5.3.3264

Endpoint security adaptive treat protection 10.5.3.3113

 

In preparation for Windows 10 1803, I need to update all the components to:

McAfee agent 5.5.0.447 (UNCHANGED)

DXL client 4.1.0.184 (NEW version)

Endpoint security platform 10.6.0.542 (NEW version)

Endpoint security threat prevention 10.6.0.672 (NEW version)

Endpoint security adaptive treat protection 10.6.0.656 (NEW version)

 

Pilot deployment

I'm currently running a deployment on a pilot group of 50 laptops to test the new version of DXL and ENS.

What I have done so far:

Check in new DXL and ENS into Evaluation branch

Created a client task (I name it ENS_10.6 Install) under Product Deployment to install DXL and ENS components.

Then I'm manually deploying ENS_10.6 install to my pilot group of 50 laptops.

 

Production deployment:

What would be the best way of upgrading the rest of the laptop fleet?

 

Thanks

7 Replies
Reliable Contributor denn
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

I am using client task for client deployments.

In you comapny we have 30000 computers.

Pilot running on 400 machines.

Wave 1 - 1000 machines, Wave2 - 2000, Wave3 5000, Wave4 - 5000...

I am using TAG for deployment - "ENSDeploymnet" and Client task assigment for this tag.

Client task "ENS 10.6 - Evaluation" assigning scheduled client task for machines and thats all.

Re: What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

Hi, so just to confirm, this is what you did?

1. Create tag - name it for example ENSDeployment

2. Create a client assignment for DXL and ENS and target all machines with this tag?

 

 

Reliable Contributor denn
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

Yes.

but I am using two different task for ENS and DXL.

"ENSDeployment" tag with client task assigment - Task contains (ENS Platfrom, Threat Prevention and Firewall. (Task name - Deply ENS 10.6 - Evaluation)

Other deployment tag is DXL-ATP with client task assigment - Task contains (DXL and ENS Adaptive Threat Preventin) (Task name - Deploy DXL 4.1 ATP 10.6 - Evaluation)

Re: What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

Hi, thanks for the prompt response

Are there any reasons why you created two client tasks?

Ther reason i ask is because I was advised by a McAfee engineer to install DXL and ENS components in this particular order.

1. DXL.

2. ENS platform

3. ENS threat prevention

4. END adaptive threat protection.

He did emphasise that the order of installation is important.

 

Reliable Contributor denn
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

Re: What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

It's just for me and prevent a lot of investigation.

Personaly I am at first updating ENS (Platfrom, TP and FW) to know what issues I will have after ENS update/deployment.

After ENS deplyment I am started DXL/ATP update/deployment and see that for one specific application ATP causing the performance issue and I am dont need to investigate this issue caused be TP or FW, I know that issue appears after DXL/ATP deployment, just removed ATP and issue gone.

Highlighted
kblowe
Level 8
Report Inappropriate Content
Message 7 of 8

Re: What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

Good information here! Finally found EPO admins doing the upgrade. I am in the process of upgrading from legacy products VSE & HIPS Patch 10 to ENS 10.6.  I actually did 8 upgrades in our test environment. But since 10.6.1 was released recently that will help with 1 problem I came across. Has anyone seen where the inital deployment of ENS it drops a 802.1x network connection? I am hoping its a filter driver issue and 10.6.1 resolves it. Fingers crossed.

Also, I have to install ATP after we migrate 1000 workstaions (includes laptops) to ENS, and I'm actually going to install it separately as well to monitor the deployment and what its actually going to block.

I read the thread about uninstalling HIPS after ENS is deployed, which helped me out instead of calling support. Its not documented anywhere that you need to remove HIPS later.

McAfee Employee johma
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: What is the best deployment strategy for upgrading to ENS 10.6 onto 2000 laptops?

There is also a very helpfult tool that you can use called Endpoint Upgrade Assistant.., from ePO goto the Software manager and search on "EUA".

Current version at time of this post 2.3.0.23

This will analyze what you have and show you what can be upgraded, what needs to be done to upgrade and also there is an option to build an upgrade package and deploy. 

 




Was my reply helpful?


If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community